CVE-2023-32970NULL Pointer Dereference in Systems INC QTS

CWE-476NULL Pointer Dereference3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.1%
top 72.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Qnap Systems INC QTSQnap Systems INC Quts HeroQnap Systems INC Qutscloud+3 more
Timeline
PublishedOct 13

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. QES is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2453 build 20230708 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and late

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages6 packages

CVEListV5qnap_systems_inc/quts_heroh5.0.xh5.0.1.2515 build 20230907+2
NVDqnap/quts_heroh4.5.0h4.5.4.2476+2
CVEListV5qnap_systems_inc/qutscloudc5.xc5.1.0.2498
NVDqnap/qutscloudc5.0.0.1919c5.1.0.2498
CVEListV5qnap_systems_inc/qts5.1.x5.1.0.2444 build 20230629+1

🔴Vulnerability Details

2
CVEList
QTS, QuTS hero, QuTScloud2023-10-13
GHSA
GHSA-vfgj-vqjw-hh7g: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions2023-10-13
CVE-2023-32970 — NULL Pointer Dereference | cvebase